ID CVE-2018-9304
Summary In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.
References
Vulnerable Configurations
  • cpe:2.3:a:exiv2:exiv2:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.11:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.12:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.13:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.14:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.15:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.16:-:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.16:-:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.16:pre1:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.16:pre1:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.17:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.18:-:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.18:-:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.18:pre1:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.18:pre1:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.18:pre2:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.18:pre2:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.19:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.20:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.21:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.22:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.23:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.24:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:exiv2:exiv2:0.25:*:*:*:*:*:*:*
    cpe:2.3:a:exiv2:exiv2:0.25:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 27-02-2019 - 19:26)
Impact:
Exploitability:
CWE CWE-369
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • exiv2-0:0.27.2-5.el8
  • exiv2-debuginfo-0:0.27.2-5.el8
  • exiv2-debugsource-0:0.27.2-5.el8
  • exiv2-devel-0:0.27.2-5.el8
  • exiv2-doc-0:0.27.2-5.el8
  • exiv2-libs-0:0.27.2-5.el8
  • exiv2-libs-debuginfo-0:0.27.2-5.el8
  • gegl-0:0.2.0-39.el8
  • gegl-debuginfo-0:0.2.0-39.el8
  • gegl-debugsource-0:0.2.0-39.el8
  • gnome-color-manager-0:3.28.0-3.el8
  • gnome-color-manager-debuginfo-0:3.28.0-3.el8
  • gnome-color-manager-debugsource-0:3.28.0-3.el8
  • libgexiv2-0:0.10.8-4.el8
  • libgexiv2-debuginfo-0:0.10.8-4.el8
  • libgexiv2-debugsource-0:0.10.8-4.el8
  • libgexiv2-devel-0:0.10.8-4.el8
refmap via4
gentoo GLSA-201811-14
misc
Last major update 27-02-2019 - 19:26
Published 04-04-2018 - 21:29
Last modified 27-02-2019 - 19:26
Back to Top